Fuzzing, or fuzz testing, is a method of exposing errors and vulnerabilities in software by feeding a program invalid, random, or semi-randomly modified input and monitoring it for faults, such as crashes, hangs, failed built-in assertions, or memory errors such as leaks.
Although fuzzing can be effective at identifying defects in software, it has several drawbacks. It is computationally intensive: because it relies largely on random modifications to input data, a fuzzer may need a very large number of executions, and correspondingly a long time, to discover the reachable program paths and to find an input that causes the program to crash or hang.
Additionally, many parts of a program are typically not reachable by the fuzzer at all. The entry condition for a code section may be too specific to be satisfied by random mutation, for example a multi-byte magic value or a checksum that must match exactly. Other sections execute only on an external error or event condition, such as a failed system call, that is independent of the input the fuzzer generates. The seed inputs the fuzzer starts from may also not be representative enough of the program's input space. As a result, the fuzzer may exercise only a small fraction of the program's code, and the errors and vulnerabilities in the remainder go undetected.
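As an added example that is not part of this page, the barrier just described in miniature: a constructed target whose bug sits behind a 4-byte magic-value check, a small havoc-style mutation fuzzer run blind against it, and the same mutator driven by per-byte comparison feedback (the kind of coverage signal that laf-intel or CmpLog style instrumentation provides for a multi-byte compare). The target, the magic value `MAGIC`, the seed `SEED`, the execution budget `BUDGET`, and the `TargetCrash` stand-in for a memory-safety fault are all constructed for the illustration.

```python
"""Added illustration (not the page's own code): blind mutation versus
comparison-level feedback against a constructed magic-value barrier."""
import random

MAGIC = b"FUZZ"          # constructed barrier: the bug is only reachable behind it
SEED = bytes(8)          # constructed starting input: eight zero bytes
BUDGET = 100_000         # executions granted to each fuzzer


class TargetCrash(Exception):
    """Raised by the constructed target in place of a real memory-safety fault."""


def target(data: bytes) -> int:
    """Constructed program under test. Returns the coverage depth reached:
    0 = input too short, 1..4 = bytes of MAGIC matched so far, 5 = past the
    barrier. Raises TargetCrash when the guarded length field claims more
    payload than is present (the stand-in for an out-of-bounds read)."""
    if len(data) < 8:
        return 0
    depth = 1
    # Byte-wise comparison: the shape a split 32-bit compare takes under
    # laf-intel style instrumentation, one coverage point per matched byte.
    for i in range(4):
        if data[i] != MAGIC[i]:
            return depth
        depth += 1
    n = data[4]                      # attacker-controlled length field
    if n > len(data) - 5:            # more payload claimed than exists
        raise TargetCrash("out-of-bounds read of %d bytes" % n)
    return depth


def run_target(data: bytes):
    """Execute the target once; returns (depth, crashed)."""
    try:
        return target(data), False
    except TargetCrash:
        return 5, True


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Stack 1-4 random byte overwrites / bit flips (AFL 'havoc' in miniature)."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        pos = rng.randrange(len(buf))
        if rng.random() < 0.5:
            buf[pos] = rng.randrange(256)
        else:
            buf[pos] ^= 1 << rng.randrange(8)
    return bytes(buf)


def blind_fuzz(seed: bytes = SEED, budget: int = BUDGET, rng_seed: int = 1) -> dict:
    """Mutate the original seed every time; no feedback from the target."""
    rng = random.Random(rng_seed)
    best = 0
    for i in range(budget):
        depth, crashed = run_target(mutate(rng, seed))
        best = max(best, depth)
        if crashed:
            return {"crash": True, "executions": i + 1, "max_depth": best}
    return {"crash": False, "executions": budget, "max_depth": best}


def feedback_fuzz(seed: bytes = SEED, budget: int = BUDGET, rng_seed: int = 1) -> dict:
    """Adopt any input that reaches new depth as the next seed (coverage feedback)."""
    rng = random.Random(rng_seed)
    current, best = seed, 0
    for i in range(budget):
        cand = mutate(rng, current)
        depth, crashed = run_target(cand)
        if crashed:
            return {"crash": True, "executions": i + 1, "max_depth": 5, "input": cand}
        if depth > best:             # one more byte of the check satisfied
            current, best = cand, depth
    return {"crash": False, "executions": budget, "max_depth": best, "input": current}


if __name__ == "__main__":
    print("blind   :", blind_fuzz())
    print("feedback:", feedback_fuzz())
```

The blind run never gets all four magic bytes right in a single mutation and so never reaches depth 5, which is exactly the "relatively small percentage of the program" effect. The feedback run only needs one byte to land per accepted step, so it passes the check in a few thousand executions and then trips the guarded length check within the same budget. Note that this kind of feedback only helps with conditions that depend on the input; a section gated on an external error or event, as described above, stays unreachable no matter how the input is mutated.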
Thus, there is a need for technological solutions for testing software that are robust and efficient. Advantageously, such solutions should not have the same limitations as existing fuzzing tools. Such solutions should not be limited by barriers in software, but instead should be able to bypass or overcome such barriers to continue the analysis. In addition, such solutions should be quicker and more efficient than existing conventional fuzzing tools.